Gen3 Technology Consulting is an SBA-certified Woman-Owned Small Business (WOSB) providing a diverse set of technology services and solutions to federal and commercial clients. Founded in 2017, Gen3 leverages over 25 years of information technology management and leadership experience to help our clients define, plan, manage, and achieve their strategic vision while protecting their critical IT assets. We attract and retain the highest caliber of talent by supporting an inclusive work environment, cultivating growth and leadership both professionally and personally, and encouraging work-life balance. We strive to make it our priority to be compassionate, family-friendly, respectful, and flexible.
Gen3’s Joint Ventures, Pivotal Impact (JV with Caladwich) and VetCentric (JV with PingWind), expand our team’s knowledge and expertise as we pool resources to bring federal agencies strong technical, program management, and cyber security solutions, derived by a disciplined management consulting approach.
About the role:
Gen3 seeks a Cybersecurity Compliance SME to provide core programs with multiple experts in the fields of FISMA, NIST, RMF, FedRAMP, ISCM and automation to ensure compliance with all applicable requirements, providing in-depth technical analysis for sound compliance/regulatory-driven program decisions and input into the multitude of data calls, process improvements, and requirement updates that will need to be implemented throughout the organization.
Location: Remote, Washington, DC area (occasional travel to government sites in MD, DC, and WV).
What you'll do:
The SME Support Specialist should have expertise in the following areas:
- Security Risk Assessment Services
- NIST Security Control Assessment Execution
- Cybersecurity Supply Chain Risk Management (C-SCRM) Program Execution
- Plan of Action and Milestones (POAM) & Risk Based Decision (RBD) Compliance Management
- Digital Identity Risk Assessment
- High Value Asset/Critical Infrastructure Protection (HVA/CIP)
- Information System Continuous Monitoring (ISCM)
- Penetration Testing and Continuous Analysis
- Vulnerability Management Detection and Response
- Advanced Application Security Testing
- Cyber Cloud Program Management Office (CCPMO)
- Security Risk Management and Analysis (SRMA)
- Stakeholder Enterprise Cybersecurity Unified Risk Evaluation (SECURE) and Mitigation Support Session (MSS)
- Business Impact Analysis (BIA) and BITA (BIA-ISCP Testing Analytics)
- SRM Front Office Support
What you'll need:
- Knowledge of IRS Business Units and of IT enterprise and organizational processes within the IRS
- Program/Project management experience, experience in monitoring and overseeing multiple tasks and large-scale projects concurrently
- Knowledge/experience with ServiceNow, SharePoint, SPLUNK, BigFix, Cloud Access Security Broker (CASB), Cyber Security Assessment & Management (CSAM), Qmulos Q-Compliance
- Knowledge and experience with technology security engineering, analysis, and assessment
- Knowledge and experience with security architecture principles and system modeling or Pilot efforts
- Knowledge and experience with IT Change Management, Workforce Management and Knowledge Management
What's desired to have:
- Knowledge of FISMA, NIST Special Publications, OMB, Risk Management Framework (RMF), Cybersecurity Supply Chain Risk Management (C-SCRM), and ISCM Plan development.
- IT security knowledge with desired Professional Certifications from (ISC)2, ISA, PMI, CompTIA, SANS
- Knowledge of the IRS As-Built-Architecture (ABA) is highly desirable.
- Knowledge and experience with technology risk assessments covering web services, network appliances, software, and vendors/suppliers.
- Knowledge and experience with System Development Lifecycle (SDLC) or IRS Enterprise Lifecycle.
- Knowledge of System Interconnections including VPN and other encryption technologies.
- Knowledge and experience with cloud systems, Cloud Service Providers (CSP), and FedRAMP requirements
- Knowledge and experience with Cloud Security
- Establishing sound security policy, architecture, and controls as the foundation for design
- Incorporating security requirements into the system development life cycle
- Delineating physical and logical security boundaries
- Ensuring that system developers are trained on how to build secure software
- Tailoring security controls to meet organizational and operational needs
- Performing threat modeling to identify use cases, threat agents, attack vectors, and attack patterns as well as compensating controls and design patterns needed to mitigate risk.
- Reducing risk to acceptable levels, thus enabling informed risk management decisions.